Practical VoIP Penetration Testing Using Mr.SIP.

Introduction

From a hobby to the most advanced VoIP / SIP Pentest Tool ever.

* Developed to audit and simulate SIP-based attacks
* Originally used in academic studies
* To help develop novel SIP-based DDoS attacks
* Became a fully functional SIP Pentest Tool
* Can also be used as;

Timeline for Mr.SIP: Dark Age / Closed Source

* 2011: First prototype developed by Melih
  * Winner in an innovation competition
  * Raised about $2m with research grants
* 2011: Prototype named as VZA
  * VoIP Vulnerability Tool in Turkish
* 2012: VZA is funded by the Turkish Government
  * Under a commercial company
  * Has one of the 10 biggest VoIP labs in the world
  * Research team founded


Timeline for Mr.SIP: Middle Age Battles

Fork, Competitors, Closed Source

* 2011: Independent competitor (SIPVicious) began
* 2012: Wrong choice of team player caused fork
  * (Viproy, Fatih)
* 2012: The company kept initial tools private
* 2013: The company kept initial tools private
* 2014: The company kept initial tools private
* 2015: The company kept initial tools private
* 2015: Melih left the company

afozavci - 21 Nov 2012
Let's say the food is the excuse and the conversation is wonderful.

Timeline for Mr.SIP: Modern Age / Open Source

* 2016: New team gathered in London, BlackHat
* 2016: Mr.SIP Open Source development began
* 2017: First public version appeared (3 modules)
* 2019: Presented at the following:
  * BlackHat USA/EU/Asia Arsenal
  * Offzone Moscow
* 2020: Pro version is now 10 modules
* 2020: Defcon28 Main Stage Talk (right here)
* 2021: Roadmap covers 5 new modules + GUI
* 2021: Built-in tool (public version) in Kali
* 2022: Attract and collaborate with major VoIP manufacturers

Facts about VoIP Security

[Chart: Communications Fraud Control Association (CFCA), fraud categories by % of total responses. Panel 1: Subscription Fraud (Identity); PBX Hacking; IP PBX Hacking; Subscription Fraud (Application); Subscription Fraud (Credit Muling/Proxy); Abuse of Service Terms and Conditions; Account Takeover; Internal Fraud / Employee Theft; Phishing / Pharming; Payment Fraud. Panel 2: IP PBX Hacking; Phishing / Pharming; Account Takeover; Subscription Fraud (Application); Subscription Fraud (Credit Muling/Proxy).]

[Figure: Telephony Denial of Service (TDoS). Labels: Financial Fraud and Social Engineering; Harassing Callers; Robo-calling Scams, Voice Phishing and Spam; Activity Increase; Service Theft and Call Pumping; SIP Packet /]

Black Hat

DISCOVER NEW TOOLS FOR NETWORK TESTING & DEFENSE AT BLACK HAT ASIA


Find yourself some of the latest and most exciting cybersecurity tools at the Arsenal, where you can meet 
and chat with their creators. 


Every pass sold to Black Hat Asia in Singapore this March entitles the bearer to (among other things)
access the Arsenal, and there's no better place to watch experts demonstrate new and exciting
open-source cybersecurity tools.


For example, "Mr SIP: SIP-Based Audit and Attack Tool" offers you a practical look at Mr SIP, a tool 
developed to audit and simulate SIP (Session Initiation Protocol) attacks. In the current state, it comprises 
four sub-modules named SIP-NES (a network scanner), SIP-ENUM (enumerator), SIP-DAS (DoS attack 
simulator), and SIP-ASP (attack scenario player). 


Originally designed for use in academic work developing novel SIP-based DDoS attacks, it's since been 
developed into a fully functional SIP-based penetration testing tool that you can use in your own work! 


Black Hat Asia 2019, Black Hat Europe 2019

Understanding Session Border Controllers: Comprehensive Guide to Designing ...

Showing 5 results in this book for cisco + "mr. SIP".

MOS (mean opinion score), 1038
MOS-Con field, 1062
MPS (Multi-Page Signal) messages, 690-691
Mr. Sip SIP-DAS (DoS Attack Simulator), 990
Multi-Level Precedence and Preemption, 129
Multi-Page Signal (MPS) messages, 690-691


Facts (Problems) about VoIP Sec

* VoIP technologies are inherently weak
* VoIP protocols are not designed securely
* Manufacturers cannot meet today's security needs
* VoIP is not managed securely in companies generally
* It will become an indispensable need in the near future

There is a need for a product that can detect and report security problems specific to VoIP.

SIP-VSCAN - vulns & exploit scanner

Why to use Mr.SIP? State of Art in VoIP!

* High performance with multi-threading
* Hiding skills from security perimeters
* Advanced IP spoofing skills: random, subnet, manual
* Advanced intervention skills: MiTM, Intercepting Proxy
* On the fly cracking for SIP digest authentication
* Package injection and repeating skills
* Predefined original TDoS attack scenarios
* Advanced SIP packet generator (no trace, can generate based on vendor)


Who is Using Mr.SIP? All in One Attack Tool

* Service providers and telecom operators at all levels
* Banking/finance and enterprise where security is critical
* All other institutions that manage their VoIP/UC infrastructure
* Integrators, security consulting firms and researchers

* Penetration Testing
* Red Teaming Activities
* VoIP and Security Product Testing for R&D
  * Performance testing
  * Security testing
  * Load testing
  * Robustness testing etc.
* PoC and quality testing (purchase stage)
  * Both VoIP and security products such as firewall, DDoS mitigator, IPS etc.

Typical VoIP Topologies

* Internal VoIP Implementations (target in this presentation)
* Managed Services
* Online SIP Trunking Services

[Diagram labels: Caller, Proxy, INVITE]


SIP Basics 

The following request types are common within SIP:

INVITE — Invites an account to join the call. 

ACK — Confirmation regarding the invite of joining the call.

CANCEL — Canceling a queued call. 

REGISTER — Registering the user against the SIP server. 

OPTIONS — Shows the options the caller has. 

BYE — Ends the call between both sides. 

REFER — Shows that the receiver needs to communicate through a 3rd party by the information attached to the request. 


SIP Requests/Responses: 


1xx (Informational) 

2xx (Success) 

3xx (Redirection) 

4xx (Failed requests) 

5xx (Web server cannot complete request) 
6xx (Global errors) 


Basic SIP Call Flow:

1. Sender initiates an INVITE request.
2. Receiver sends back a 100 (Trying) response.
3. Sender starts ringing by sending a 180 (Ringing) response.
4. Receiver picks up the phone and a 200 success response is sent (OK).
5. ACK is sent by the initiator.
6. Call started using RTP.
7. BYE request sent to end the call.

Typical SIP Interaction Structure:

[Diagram: REGISTER, 200 OK, INVITE, 100 Trying]


Sample SIP INVITE

INVITE sip:6000@192.168.65.140;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP 213.14.141.71:64116;branch=z9hG4bK-524287-1---d6078501e9ea7434;rport.
Max-Forwards: 70.
Contact: <sip:5000@213.14.141.71:64116;transport=UDP>.
To: <sip:6000@192.168.65.140;transport=UDP>.
From: <sip:5000@192.168.65.140;transport=UDP>;tag=3455a85b.
Call-ID: Fjad329igBhemWulVrhvnw...
CSeq: 1 INVITE.
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.
Content-Type: application/sdp.
User-Agent: Z 5.2.28 rv2.8.115.
Allow-Events: presence, kpml, talk.
Content-Length: 610.

v=0.
o=Z 977115011 0 IN IP4 213.14.141.71.
s=Z.
c=IN IP4 213.14.141.71.
t=0 0.
m=audio 8002 RTP/AVP 106 9 3 111 0 8 97 110 112 98 101 100 99 102.
a=rtpmap:106 opus/48000/2.
a=fmtp:106 minptime=20; cbr=1; maxaveragebitrate=40000; useinbandfec=1.
a=rtpmap:111 speex/16000.
a=rtpmap:97 iLBC/8000.
a=fmtp:97 mode=20.
a=rtpmap:110 speex/8000.
a=rtpmap:112 speex/32000.
a=rtpmap:98 telephone-event/48000.
a=fmtp:98 0-16.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=rtpmap:100 telephone-event/16000.
a=fmtp:100 0-16.

* 3 cases for registration
  * Each boot
  * 1 per hour (RFC 3261)


REGISTER sip:192.168.65.140;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP 213.14.141.71:64116;branch=z9hG4bK-524287-1---d935997a1e3e718c;rport.
Max-Forwards: 70.
Contact: <sip:5000@213.14.141.71:64116;rinstance=4ea06fe6ab52486d;transport=UDP>.
To: <sip:5000@192.168.65.140;transport=UDP>.
From: <sip:5000@192.168.65.140;transport=UDP>;tag=da37233e.
Call-ID: foJugB HC4560I90XERIUA...
CSeq: 2 REGISTER.
Expires: 60.
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.
User-Agent: Z 5.2.28 rv2.8.115.
Authorization: Digest username="5000", realm="asterisk", nonce="072c5939", uri="sip:192.168.65.140;transport=UDP", response="2778ca8fd9597ec4f327152bdda3975e",algorithm=MD5.
Allow-Events: presence, kpml, talk.
Content-Length: 0.


Basics About SIP Registration

1. Register
2. 401 Unauthorized
3. Register with Authorization
4. 200 OK

HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)
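
The registrar's side of the digest exchange above, as an added example (not code from the slides or from Mr.SIP): it parses an Authorization header shaped like the sample REGISTER, recomputes the response, and accepts each nonce only once. The `Registrar` class, the helper names and the password are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri, nonce):
    """response = MD5(HA1:nonce:HA2), the no-qop form shown on the slide."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict with lower-cased keys."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    found = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in found}

class Registrar:
    """Hypothetical registrar: one-time nonces and constant-time comparison."""
    def __init__(self, realm, passwords):
        self.realm, self.passwords = realm, passwords
        self.live_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)  # longer than the 8-hex nonce in the sample
        self.live_nonces.add(nonce)
        return nonce

    def handle(self, raw):
        """Return the status code the registrar would answer with."""
        head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
        method = head[0].split(" ", 1)[0]
        headers = {n.strip().lower(): v.strip()
                   for n, _, v in (line.partition(":") for line in head[1:])}
        if "authorization" not in headers:
            return 401                      # no credentials yet: challenge
        f = parse_digest(headers["authorization"])
        if f.get("nonce") not in self.live_nonces:
            return 401                      # unknown or already used nonce (replay)
        self.live_nonces.discard(f["nonce"])
        password = self.passwords.get(f.get("username"))
        if password is None or f.get("realm") != self.realm:
            return 403
        want = digest_response(f["username"], self.realm, password,
                               method, f.get("uri", ""), f["nonce"])
        ok = hmac.compare_digest(want, f.get("response", "").lower())
        return 200 if ok else 403

def build_register(user, realm, password, nonce,
                   uri="sip:192.168.65.140;transport=UDP"):
    """Client side: a REGISTER shaped like the page's sample (constructed values)."""
    resp = digest_response(user, realm, password, "REGISTER", uri, nonce)
    return (f"REGISTER {uri} SIP/2.0\r\n"
            f"To: <sip:{user}@192.168.65.140;transport=UDP>\r\n"
            "CSeq: 2 REGISTER\r\n"
            f'Authorization: Digest username="{user}",realm="{realm}",'
            f'nonce="{nonce}",uri="{uri}",response="{resp}",algorithm=MD5\r\n'
            "Content-Length: 0\r\n\r\n")
```

One-time nonces stop a captured Authorization header from being replayed, but every input to the response except the password still crosses the wire in clear over UDP, so password strength and transport encryption remain the controls that matter.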


* Identifying SIP Servers and Enumerating Users
* Registration Hijacking via SIP Digest Authentication Cracking
* Sniffing via Application level MiTM
* Caller-ID Spoofing via SIP Signalling Manipulation
* Enumeration via Eavesdropping Calls
* Searching for Known Vulns & Exploits Based on Version Info
* TDoS Attacks including IP Spoofing
* BONUS: Disclosing background of Call Frauds where hackers made millions $$$

Our Demo Lab Setup

* Target Network
  * Softclients
  * IP Phones
  * Trix-2: 192.168.65.140
  * FPBX: 192.168.65.145
* Kali Linux (Mr.SIP Pro installed)

Mr.SIP Installation:

* Preferred OS: Kali Linux
* Privilege required
* Use Requirements.txt for extra libraries!

# python3 mr.sip.py --help
# python3 mr.sip.py


Workflow of Modules on Attack Deployment

Mr.SIP Pro Inter-Modules Workflow

* Inputs: user-agent dictionary, SIP extension dictionary, SIP-server version library, password dictionary
* SIP Message Generator
* SIP-NES: live SIP servers & version info
* SIP-ENUM: valid SIP users
* SIP-VSCAN: known vulns & exploits
* SIP-SIM: caller-id spoofing attack
* SIP-DAS: flood based DoS attacks
* SIP-MANMID: SIP traffic capture
* SIP-EAVES: call specific info, enumeration
* SIP-CRACK: credentials + registration hijack
* predefined scenarios development framework


Hacking Story 1: Registration Hijacking for Long Distance Call Routing Fraud

* Victim: An enterprise running VoIP (SIP Trunk)
* Impact: Infrastructure abuse causing expensive bills
* Cause: Weak password policy, unencrypted UDP traffic
* Attacker Motivation: Carrier voice business w/o infrastructure
* Attack Vector: Authentication attack, registration hijacking
* Techniques: MiTM sniffing, digest auth. calculation, password cracking

Hacking Story 1: Setup & Steps

* Assumption-1: Hired to pentest on ...
* Assumption-2: Target SIP server has outbound calls over internet
* Target Subnet: 192.168.65.0/24
* Attack Tool: Mr.SIP Pro, SIP (NES, ENUM, SNIFF, CRACK)
* Payloads: Dictionaries for (user extension, password)

Hacking Steps:

1. SIP servers identification
2. Valid user enumeration
3. MiTM sniffing
4. SIP Authentication Data collection
5. SIP digest authentication cracking
6. Registration hijack


[Terminal screenshot: network scan process started; two live IPs found, each reported as a SIP server.]

root@kali-64:~/Desktop/Mr.SIP_Pro# python3 mr.

~ By Melih Tas (SN)
Greetz ~ Caner Onur Nesli
Maintainer ~ Hakki Riza Kucuk

Extension found in   Extension   Authentication
192.168.65.140       2000        not required!
192.168.65.140       1000        not required!
192.168.65.140       5000        required.
192.168.65.140       1001        required.
192.168.65.140       1001        required.
192.168.65.145       5000        required.
192.168.65.145       2000        required.
192.168.65.145       4000        required.
192.168.65.145       3000        required.
192.168.65.145       1001        required.
192.168.65.136       2000        not required!
192.168.65.145       1002        required.
192.168.65.145       1000        required.
192.168.65.145       9911        required.
192.168.65.140       6000        required.

Hacking Story 1: DEMO! (watch it on our youtube channel)

www.youtube.com channel UCegrl4 YdhrlPixG80tx Skw

root@kali-64:~/Desktop/Mr.SIP_Pro# python3 mr.sip.py --crack .140
[!] Client Interface: eth0
[!] Client IP: 192.168.65.138
[!] SIP CRACK simulation process started.

Num  Server        Client          User  Hash                              Password
1    192.168.65.1  192.168.65.140  5000  £624a625a                         1234
2    192.168.65.1  192.168.65.140  5000  Oc81c864d 3                       1234
3    192.168.65.1  192.168.65.140  5000  c1303f7fec338b8c9f33dbcf0eaci49a  1234
4    192.168.65.1  192.168.65.140  5000  c1303f7fec338b8c9f33dbcf0eaci49a  1234
5    192.168.65.1  192.168.65.140  5000  5da8675dfdb834cf9935afb5890cb57c  1234


Attack Conclusion

* Single registration barrier?
  * Perform Registration Erasure attack to drop existing one! Make it periodic for persistence!
* Run this attack architecture on wide range of network and hijack more users.
* Business opportunity:
  * Wholesale VoIP, Carrier Voice, Call Shop, Prepaid/Post-paid card.
* Millions of dollars profit!! without running any telecom infrastructure.
* Based on REAL incidents!
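
Registrar-side detection for the two behaviours this story relies on, extension enumeration and registration erasure or rebinding, as an added example that is not part of the slides or of Mr.SIP. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, namedtuple

# Constructed registrar log: time(s) source-IP AOR expires status
SAMPLE_LOG = """\
0    192.168.65.20  5000 3600 200
100  192.168.65.138 1000 60   404
101  192.168.65.138 1001 60   404
102  192.168.65.138 1002 60   404
103  192.168.65.138 2000 60   401
104  192.168.65.138 5000 60   401
105  192.168.65.138 6000 60   401
400  192.168.65.138 5000 0    200
401  192.168.65.138 5000 3600 200
1000 192.168.65.21  6000 3600 200
2000 192.168.65.21  6000 3600 200
2500 192.168.65.138 6000 3600 200
"""

Event = namedtuple("Event", "t src aor expires status")

def parse(log):
    events = []
    for line in log.strip().splitlines():
        t, src, aor, expires, status = line.split()
        events.append(Event(int(t), src, aor, int(expires), int(status)))
    return events

def enumeration_sources(events, window=60, min_aors=5):
    """Sources that try at least min_aors distinct AORs within `window` seconds.
    Returns {source: largest number of distinct AORs seen in one window}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.t)
        start = 0
        for end in range(len(evs)):
            while evs[end].t - evs[start].t > window:
                start += 1
            aors = {e.aor for e in evs[start:end + 1]}
            if len(aors) >= min_aors:
                flagged[src] = max(flagged.get(src, 0), len(aors))
    return flagged

def binding_takeovers(events):
    """Successful REGISTERs that erase (Expires: 0) or replace a still-valid
    binding from a source other than the one that created it."""
    bindings = {}  # aor -> (owner source, expiry time)
    alerts = []
    for e in sorted(events, key=lambda e: e.t):
        if e.status != 200:
            continue
        prev = bindings.get(e.aor)
        if prev is not None and prev[1] > e.t and e.src != prev[0]:
            kind = "erasure" if e.expires == 0 else "rebind"
            alerts.append((e.t, e.aor, kind, prev[0], e.src))
        if e.expires == 0:
            bindings.pop(e.aor, None)
        else:
            bindings[e.aor] = (e.src, e.t + e.expires)
    return alerts
```

A phone that legitimately changes address also shows up as a rebind, so these alerts are most useful when correlated with a preceding enumeration hit from the same source.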


Hacking Story 2: Caller-ID Spoofing for a Spear Phishing Campaign

* Victim: An enterprise running VoIP
* Impact: Enabling an attacker access (potentially), information disclosure
* Cause: Unencrypted UDP traffic for SIP, lack of security awareness.
* Attacker Motivation: Malware infection, information stealing (credentials)
* Attack Vector: Caller-ID spoofing, social engineering (spear phishing)
* Techniques: MiTM sniffing, SIP signalling manipulation

* Assumption-1: Hired to pentest on internal network
* Target Server: 192.168.65.140
* Attack Tool: Mr.SIP Pro, SIP (ENUM, ...
* Payloads: User extension dictionary

Hacking Steps:

1. SIP servers identification
2. Valid user enumeration
4. Call eavesdropping & enum.
5. Custom INVITE generation
6. Caller-ID spoofing
7. Mimic another user and ...


Hacking Story 2: DEMO! (youtube channel)

www.youtube.com/channel

root@kali-64:~/Desktop/Mr.SIP_Pro# python3 mr.sip.py
~ By Melih Tas (SN)
~ Caner Onur Nesli
~ Hakki Riza Kucuk
[!] Client Interface: eth0
[!] Client IP: 192.168.65.138
[!] SIP SIM simulation process started.
A spoofed message was successfully sent.
time duration: 0.00

Attack Conclusion

* Emulate insiders and perform spear phishing activities.
* SPIT idea (robocall): Create a list of victim users, perform automated calls (SIP-SIM supports that), play pre-recorded media content (advertisement)
* It is possible to make WAN-based Caller-ID Spoofing!
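
A proxy-side consistency check for the caller identity claimed in an INVITE, as an added example that is not part of the slides or of Mr.SIP: it compares the From user with the registrar's binding for the packet's source address, with the Contact user, and with the authenticated user. The function names, finding labels and the bindings table are assumptions; the INVITEs are constructed in the shape of the page's sample.

```python
import re

def parse_headers(raw):
    """Return (request line, {lower-cased header name: first value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers

def sip_user(value):
    """User part of the first sip: or sips: URI in a header value, or None."""
    m = re.search(r"sips?:([^@;>\s]+)@", value or "")
    return m.group(1) if m else None

def check_invite(raw, src_ip, bindings):
    """bindings maps a registered user to the IP it registered from.
    Returns a list of findings; an empty list means the identity is consistent."""
    request_line, h = parse_headers(raw)
    if not request_line.startswith("INVITE "):
        return []
    claimed = sip_user(h.get("from"))
    if claimed is None:
        return ["no-from-user"]
    findings = []
    if claimed not in bindings:
        findings.append("from-user-not-registered")
    elif bindings[claimed] != src_ip:
        findings.append("source-ip-differs-from-registration")
    contact = sip_user(h.get("contact"))
    if contact and contact != claimed:
        findings.append("contact-user-differs-from-from")
    auth = h.get("authorization") or h.get("proxy-authorization")
    if auth is None:
        findings.append("unauthenticated-invite")
    else:
        m = re.search(r'username="([^"]*)"', auth)
        if not m or m.group(1) != claimed:
            findings.append("auth-user-differs-from-from")
    return findings

def make_invite(from_user, contact_user, contact_ip, auth_user=None):
    """Constructed INVITE shaped like the page's sample (SDP body omitted)."""
    msg = ["INVITE sip:6000@192.168.65.140;transport=UDP SIP/2.0",
           f"Via: SIP/2.0/UDP {contact_ip}:64116;rport",
           f"Contact: <sip:{contact_user}@{contact_ip}:64116;transport=UDP>",
           "To: <sip:6000@192.168.65.140;transport=UDP>",
           f"From: <sip:{from_user}@192.168.65.140;transport=UDP>;tag=3455a85b",
           "CSeq: 1 INVITE"]
    if auth_user:
        msg.append(f'Proxy-Authorization: Digest username="{auth_user}",realm="asterisk"')
    return "\r\n".join(msg) + "\r\nContent-Length: 0\r\n\r\n"
```

Behind NAT, compare against the received address the registrar stored for the binding rather than the Contact host.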


Hacking Story 3: Abusing Known Flood Based TDoS Vulnerability

* Victim: An enterprise running VoIP
* Impact: Overloading SIP server capacity
* Cause: Known DoS vulnerability of the SIP server
* Attacker Motivation: Disrupt the service availability
* Attack Vector: Version-based vulnerability scan, TDoS attack
* Techniques: Flood based TDoS, IP spoofing

Hacking Story 3: Setup & Steps

* Assumption-1: Hired to pentest on ...
* Attack Tool: Mr.SIP Pro, SIP (VSCAN, DAS)
* Payloads: N/A

Hacking Steps:

1. SIP servers identification
2. Scan for known vulns & exploits
3. Check for vulns & exploit details
4. Perform spoofed SIP INVITE flood
5. Exhaust the resources of target server


~ By Melih Tas (SN)
~ Caner Onur Nesli
~ Hakki Riza Kucuk

[Info] Vulnerability scan started...
[Info] Default Mode.
22 Vulnerabilities Found!

[*] Product: Asterisk 1.6
[*] CVEID: CVE-2008-1390 Score: 9.3 NVD nist.gov/vuln/detail/CVE-2008-1390
[*] CVEID: CVE-2011-1599 Score: 9.0 NVD nist.gov/vuln/detail/CVE-2011-1599
[*] CVEID: CVE-2008-3263 Score: 7.8 NVD nist.gov/vuln/detail/CVE-2008-3263
[*] CVEID: CVE-2011-1147 Score: 6.8 NVD nist.gov/vuln/detail/CVE-2011-1147
[*] CVEID: CVE-2011-0495 Score: 6.0 NVD nist.gov/vuln/detail/CVE-2011-0495
[*] CVEID: CVE-2011-4597 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-4597
[*] CVEID: CVE-2011-2529 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-2529
[*] CVEID: CVE-2011-2535 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-2535
[*] CVEID: CVE-2011-2666 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-2666
[*] CVEID: CVE-2011-2536 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-2536
[*] CVEID: CVE-2011-1507 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-1507
[*] CVEID: CVE-2011-1174 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-1174
[*] CVEID: CVE-2011-1175 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2011-1175
[*] CVEID: CVE-2010-0685 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2010-0685
[*] CVEID: CVE-2010-0441 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2010-0441
[*] CVEID: CVE-2009-4055 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2009-4055
[*] CVEID: CVE-2009-3727 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2009-3727
[*] CVEID: CVE-2009-2651 Score: 5.0 NVD nist.gov/vuln/detail/CVE-2009-2651
[*] CVEID: CVE-2012-1183 Score: 4.3 NVD nist.gov/vuln/detail/CVE-2012-1183
[*] CVEID: CVE-2011-4598 Score: 4.3 NVD nist.gov/vuln/detail/CVE-2011-4598
[*] CVEID: CVE-2010-1224 Score: 4.3 NVD nist.gov/vuln/detail/CVE-2010-1224
[*] CVEID: CVE-2009-0871 Score: 3.5 NVD nist.gov/vuln/detail/CVE-2009-0871

1 Exploit Found!
Product: Asterisk 1.6
Exploit: Asterisk 1.6 IAX - 'POKE' Requests
Path: /usr/share/exploitdb/platforms/linux/dos/32095.pl
time duration: 1.41

Check vulnereabilities of install packages...

Hacking Story 3: DEMO! (watch it on our youtube channel)

root@kali-64:~/Desktop/Mr.SIP_Pro# python3 mr.sip.py
[!] Client Interface: eth0
[!] Client IP: 192.168.65.138
[!] DoS attack simulation process started.
Progress: [...]

Attack Conclusion

* Main Problem: Running vulnerable version? TDoS in UDP usage?
* Manipulate attention with TDoS and perform another insidious attack at the time!

[!] Client Interface: eth0
[!] SIP ASP simulation process started.